[SOLVED] Access Control Lists or Role-based access control in yii

Access Control Lists or Role-based access control in yii

hy i wanna understand what it the best methode to use and how if there is a simple exemple because i can't specify whitch rol to give to witch personne

public function accessRules()
{
    return array(
        array('allow',  // allow authenticated  to perform 'index' and 'view' actions
            'actions'=>array('index','view'),
            'users'=>array('@'),
        ),
        array('allow', // allow authenticated user to perform 'create' and 'update' actions
            'actions'=>array('create','update'),
            'users'=>array('@'),
        ),
        array('allow', // allow admin user to perform 'admin' and 'delete' actions
            'actions'=>array('admin','delete'),
            'users'=>array('admin'),
        ),
        array('deny',  // deny all users
            'users'=>array('*'),
        ),
    );
}

Solution

You can specify based on user roles like for editor you want show only edit user features and for publisher you can provide only access to block and unblock the user and so on. For eg: We have used the below code in our project

public function accessRules()
    {
        if(isset(Yii::app()->user->role) && Yii::app()->user->role == "superadmin"){
            $arr = array('create','update','admin','delete','block','help','download','forgot');
        } elseif(isset(Yii::app()->user->role) && Yii::app()->user->role == "admin") {
            $arr = array('help','download','forgot');
        } elseif(isset(Yii::app()->user->role) && Yii::app()->user->role == "editor") {
            $arr = array('update');
        } elseif(isset(Yii::app()->user->role) && Yii::app()->user->role == "publisher") {
            $arr = array('block');
        } else {
            $arr = array('');
        }
        return array(
            array('allow', // allow admin user to perform 'admin' and 'delete' actions
                'actions'=>$arr,
                'users'=>array('@'),
            ),
            array('deny',  // deny all users
                'users'=>array('*'),
            ),
        );
    }

Like wise you want to show a page only to registered user and some of the pages for both registered and guest users. We can do the same in the accessRules() function

To allow all users

array('allow', 
            'actions'=>array('create','update'),
            'users'=>array('*'),
        ),

To allow only registered users

array('allow', 
            'actions'=>array('create','update'),
            'users'=>array('@'),
        ),

To create restriction based on usernames

array('allow',
            'actions'=>array('create','update'),
            'users'=>array('username1','username2'),
        ),